Safeguard
Topic

Frameworks

In-depth guides and analysis on frameworks from the Safeguard engineering team.

12 articles

Frameworks

NIST AI RMF Cybersecurity Profile (NIST IR 8596 Draft)

NIST released the preliminary draft Cybersecurity Framework Profile for AI (NIST IR 8596) in December 2025, addressing the intersection of AI and cybersecurity from three angles.

Mar 4, 20267 min read
Frameworks

OWASP Top 10:2025 RC1: Software Supply Chain Failures Becomes Its Own Category

The OWASP Top 10:2025 release candidate, published November 2025, splits Vulnerable Components into a broader Software Supply Chain Failures category and elevates Security Misconfiguration to #2.

Nov 20, 20257 min read
Frameworks

SLSA v1.2 Source Track: What Changed in November 2025

SLSA v1.2 was approved in November 2025 and finally completes the Source Track that v0.1 only sketched. We break down the new source levels and what producers must change.

Nov 20, 20256 min read
Frameworks

MITRE ATT&CK v18: Detection Strategies Replace Data Sources

ATT&CK v18 released October 28, 2025, replacing traditional Detections (Data Sources) with Detection Strategies and Analytics. Here is how the model changes for defenders.

Nov 4, 20257 min read
Frameworks

OpenSSF Scorecard v5.1: Azure DevOps Support and File-Mode Selection

Scorecard v5.1 added experimental Azure DevOps repository support and a new --file-mode flag that materially changes how repository files are fetched.

Sep 30, 20256 min read
Frameworks

OpenSSF Scorecard v6 Roadmap: OSPS Baseline Conformance

The Scorecard v6 proposal introduces PASS/FAIL/ATTESTED conformance against the OSPS Baseline, versioned probe mapping, and CI gating. Here is what consumers and maintainers need to know.

Sep 22, 20257 min read
Frameworks

FedRAMP 20x KSIs: Compliance as Machine-Readable Evidence

FedRAMP 20x, launched March 2025, replaces document-heavy authorization with 56-61 Key Security Indicators submitted as OSCAL. Here is what cloud providers must actually automate.

Aug 19, 20257 min read
Frameworks

gittuf Reaches OpenSSF Incubating: A Forge-Independent Git Security Layer

gittuf was promoted from OpenSSF Sandbox to Incubating in June 2025. We unpack the Reference State Log, policy model, and why it matters for SLSA Source L3.

Jul 8, 20256 min read
Frameworks

GUAC v1.0: Supply-Chain Graphs Reach Stable in June 2025

GUAC v1.0 shipped on June 12, 2025. We unpack the GraphQL API surface, the parsers for CSAF, OpenVEX, SPDX, CycloneDX, DSSE, and what stable means for production deployments.

Jun 25, 20255 min read
Frameworks

Software Supply Chain Security Maturity: Where Does Your Organization Stand?

Most organizations know they should care about software supply chain security, but few have a structured way to assess their maturity. A practical framework for evaluating and improving your posture.

Jun 1, 20258 min read
Frameworks

SLSA v1.1 Build Track: What Approved Means for Adopters

SLSA v1.1 was approved in April 2025 with the Build track stabilized. We dig into the spec changes, what L2 and L3 verifiers must reject, and how producers should re-evaluate provenance.

May 8, 20257 min read
Frameworks

OWASP LLM Top 10 2025: System Prompt Leakage and Vector Weaknesses

The OWASP Top 10 for LLM Applications 2025 added System Prompt Leakage and Vector/Embedding Weaknesses, and elevated Sensitive Information Disclosure to #2. Here is the defender view.

Apr 22, 20257 min read
Frameworks — Supply Chain Security Blog | Safeguard